Why the CNBC Password Security Tool Fiasco is an Internet Wake-Up Call

CNBC recently published – and then removed – an article showcasing a password strength checker tool to help readers with their password security. It was a perfect lesson in good intentions gone wrong. Asking “how strong is your password?”, they encouraged readers to submit their passwords for inspection.

The problem?

First, as Engadget reported, the passwords were sent through the portal unencrypted. Encryption ensures that external parties who intercept the message being sent cannot read it. Secondly, the passwords were stored in a Google Docs spreadsheet – a far cry from the military-grade security employed by password managers. As it turns out, the information was also sent to multiple additional third parties – making CNBC’s claim that “no passwords are being stored” a false one indeed!

A screenshot of the (now removed) password tool.

The most amazing part of this PR disaster story is that the tool made it through various levels of approval at CNBC without anyone flagging these security issues – talk about a wake-up call!

Here’s how you can avoid a password security risk like the CNBC Password Security Tool

One warning sign for savvy users was that the site used an insecure protocol – HTTP – instead of HTTPS. As we’ve mentioned in previous articles on safe web habits, always look for a secure HTTPS in the web address before submitting sensitive information.

We also noticed that the tool asked the user to click a submit button in order to assess the password. As our Password Strength Checker proves, you do not need to transmit the data to test it! That’s why we don’t ask people to actually submit their passwords. We do not store the data – and that’s a fact.
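To show what "no need to transmit" looks like in practice, here is an added example (not the code behind our checker or CNBC's tool): a strength estimate computed entirely in the page and updated as the user types. The function names, element ids, scoring heuristic, thresholds and the short common-password list are all assumptions made for illustration.

```javascript
// Added example: a password strength estimate computed entirely in the page.
// Nothing here calls fetch/XMLHttpRequest or submits a form, so the password
// never leaves the browser. Heuristic and thresholds are illustrative assumptions.

// Constructed sample of very common passwords; a real checker ships a larger list.
const COMMON = new Set(["password", "123456", "qwerty", "letmein", "iloveyou"]);

// Size of the character pool the password draws from.
function poolSize(pw) {
  let pool = 0;
  if (/[a-z]/.test(pw)) pool += 26;
  if (/[A-Z]/.test(pw)) pool += 26;
  if (/[0-9]/.test(pw)) pool += 10;
  if (/[^a-zA-Z0-9]/.test(pw)) pool += 33;
  return pool;
}

// Collapse runs of a repeated character ("aaaa" -> "a") so padding adds nothing.
function effectiveLength(pw) {
  return pw.replace(/(.)\1+/g, "$1").length;
}

function estimateStrength(pw) {
  if (pw.length === 0) return { bits: 0, verdict: "empty" };
  if (COMMON.has(pw.toLowerCase())) return { bits: 0, verdict: "common" };
  const bits = Math.round(effectiveLength(pw) * Math.log2(poolSize(pw)));
  const verdict = bits < 40 ? "weak" : bits < 70 ? "fair" : "strong";
  return { bits, verdict };
}

// In a browser, react to typing instead of a submit button.
// The element ids "pw" and "pw-result" are hypothetical.
if (typeof document !== "undefined") {
  const input = document.getElementById("pw");
  const out = document.getElementById("pw-result");
  if (input && out) {
    input.addEventListener("input", () => {
      const r = estimateStrength(input.value);
      out.textContent = `${r.verdict} (~${r.bits} bits)`;
    });
  }
}
```

Because the result is produced by the `input` event handler, the field does not need to sit inside a form with an action URL, and the browser's network tab should show no request while typing.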

And here’s what to do if your password has been compromised

Follow these great tips from BGR for what to do if your passwords get compromised, as happened to those who participated in CNBC’s password test:

“It goes without saying that if you read this particular article and gave it one of your passwords, you should change that password right now. Additionally, you should make sure you have unique and hard-to-guess passwords for each Internet service you use. Thirdly, you should consider changing your passwords every once in a while. Finally, using a password manager to keep track of all your passwords is also advisable.”